diff options
| author | Topi Miettinen <toiwoton@gmail.com> | 2019-02-19 00:30:12 +0200 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2019-02-20 10:50:44 +0200 |
| commit | 99894b867f1293f56d181d62f5015c5a0a8adbda (patch) | |
| tree | 9b5dd7abaeee2127719bb3cc5baa4889df4e5bb0 /units/systemd-importd.service.in | |
| parent | aecd5ac6218f6291186b530b89cf2e97333fffc0 (diff) | |
| download | systemd-99894b867f1293f56d181d62f5015c5a0a8adbda.tar.gz | |
units: enable ProtectHostname=yes
Diffstat (limited to 'units/systemd-importd.service.in')
| -rw-r--r-- | units/systemd-importd.service.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index 20704a8232..38b7d7e94b 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -20,6 +20,7 @@ KillMode=mixed CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE NoNewPrivileges=yes MemoryDenyWriteExecute=yes +ProtectHostname=yes RestrictRealtime=yes RestrictNamespaces=net RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |